Cybersecurity Risk Analysis: Assignment Solution for ISACA

Verified

Added on 2022/11/26

AI Summary

This assignment solution provides an analysis of cybersecurity risks, focusing on an intrusion to an email database. It discusses the importance of proactive security measures, data segregation, and third-party risk assessment. The solution addresses key cybersecurity challenges, including ransomware evolution, AI expansion, and IoT threats. It also explores the fundamentals of cybersecurity, such as advanced encryption, role-based access, and data redaction. The assignment emphasizes the need for businesses to balance data protection with data sharing capabilities and implement element-level security based on employee roles. The document references several research papers to support the analysis.

Running head: SECURITY RISK ANALYSIS
Security Risk Analysis
Name of the student:
Name of the university:
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1SECURITY RISK ANALYSIS
Evaluating cyber security risk analysis:
1. Answering the best planning tool:
For the present cyber security, the “intrusion to Epsilon email address database is chosen”. It
is seen that the Epsilon has required that the installed and warning of extra protection is designed.
This is to control the traffic. Further, it helps in alerting the admins in the vent o unusual tasks and
downloaded patterns that are identified. Moreover, it has been apparent that the new system has let
Epsilon in finding the breach very fast. This consists of the effects of just 2% of the customer base. It
is learnt that paying attention to various credible signs, proactively develop the needed security tools
and defenses of reducing the risks are required. This also helps in raising the possibility that the
attack is found and the harm is minimized (Cherdantseva et al.).
Moreover, it is been useful to assure that the data for the customers and specifically the
sensitive data like email databases and private data are been segregated securely from others. Since,
the companies move he data storage and processing to various third part providers, this it is
complicated that the sensitive information can be maintained. This must be in distinct silos such that
the breach of the customer database s never the breach of the databases (Abdo et al.). Beginning
from the premise that this is the matter of time till the information is compromised. This makes the
business to stay in smarter situation in measuring the benefits and drawbacks that engage the third
party and analyses the related risks.
2. Answering the Question 2:
The various challenges faced by the cyber security includes various factors. The first one is
Ransomware evolution. It is a bane for executives, data professionals, IT and cyber security. Then

2SECURITY RISK ANALYSIS
there is AI expansion. Here, the robots can help to defend against the cyber-attacks that are
incoming. Then, there is the IoT threats. Further, there is block chain revolution (Yosef and
Mahmoud). Further, there are serverless applications that invites the cyber-attacks. The approach of
cyber security fundamentals can involve the lack of advanced encryption. This is never a new feature
in database. The encryption has been deployed in systematic and strategy manner. This is to secure
the information from the cyber criminals along with insider threats. It also involves the granular
access that is role based. This also involves various standards based cryptographies and developed
key management. Moreover, there are state-of-art algorithms that dramatically decline the overall
exposure (Paté‐Cornell et al.).
Besides, there are reduction of companies for balancing the protection of the data. This also
involves the capability of the data to share that. Further, the redaction helps the organizations in
sharing data with the minimum effort. This has been concealing the sensitive data. This also includes
the social security numbers and names. This involves the updates and queries. Finally, there is the
element level security. As the redaction is vital, the business requires to perform that. This includes
the properties, elements and level based on various roles of the employees. The business also
requires the implementation of customs and various out-of-box rules.

3SECURITY RISK ANALYSIS
References:
Abdo, H., et al. "A safety/security risk analysis approach of Industrial Control Systems: A cyber
bowtie–combining new version of attack tree with bowtie analysis." Computers & Security
72 (2018): 175-195.
Ashibani, Yosef, and Qusay H. Mahmoud. "Cyber physical systems security: Analysis, challenges
and solutions." Computers & Security 68 (2017): 81-97.
Cherdantseva, Yulia, et al. "A review of cyber security risk assessment methods for SCADA
systems." Computers & security 56 (2016): 1-27.
Paté‐Cornell, M‐Elisabeth, et al. "Cyber risk management for critical infrastructure: A risk analysis
model and three case studies." Risk Analysis 38.2 (2018): 226-241.