Cybersecurity Risk Assessment Report for CobWeb - MSc Coursework

Verified

Added on 2019/09/18

AI Summary

This report presents a comprehensive cybersecurity risk assessment for a fictional company, CobWeb, a website development firm. The report begins by identifying and documenting the company's data and information assets, such as customer data and employee information. It then proceeds to analyze potential threats to these assets, including data loss, physical security breaches, and network vulnerabilities. A vulnerability matrix is constructed to assess the likelihood and impact of these threats. The report then calculates risk factors, proposes suitable countermeasures based on a reasonable risk appetite, and justifies these recommendations with relevant calculations. The analysis addresses specific security concerns, such as the lack of employee understanding of security protocols, and the impact of a recent website hack. The report provides a detailed examination of the existing security posture and suggests improvements for enhancing the overall security of the organization.

MSc Cyber Security and Forensics
Risk Management Assessment Specification
Coursework Scenario
You are required to complete a risk assessment and produce a report to management using
the scenario below (in italics) or a similar scenario developed by yourself based on your
past/present work experience. If you decide to choose your own scenario, you must provide
details of the context in which the scenario is set.
Imagine that you are working as an IT security professional for an organisation called
CobWeb. It has 300 employees and one large corporate office with three floors located in
central London. Your organisation is a website development company with gross revenue of
5 million pounds per year. Recently, security problems have become a hot topic with
management, and you have been asked by the CISO (chief information security officer) to
write a security recommendation report for your organisation. The reported security
problems include:
• Data loss due to employee negligence
• Physical break ins
• Employees complain that they do not understand what is expected of them
from a security standpoint
• Network administrator complains that the company allows free access to
anything on the network for anyone who asks for it
• The CobWeb home web page was recently hacked.
Points to consider:
1. Research and document using appropriate forms, all the data and information assets
associated with the organisation. e.g. customer data, employee information etc.
Using appropriate mechanisms, identify the most important assets. [15 marks]
2. Research and document using appropriate forms, all the threats that are likely to
have an impact on the identified data assets. [15 marks]
3. Examine each asset– threat pairing and produce a vulnerability matrix based on
likelihood / probability values etc. [10 marks]
4. Assume there are no specific controls in place to protect the data assets in question.
You may assume general controls such as anti-virus software, logical access controls
etc. are already in place., however for completeness, you may want to list these as
well and then ‘cross them off’ as already existing controls. [0 marks]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5. Using an automated tool, calculate the risk factors for each of the asset-threat
pairing identified above. [10 marks]
6. Using appropriate methodology and assuming a reasonable risk appetite value,
propose suitable countermeasures. [30 marks]
7. Justify your recommendations using appropriate calculations. [20 marks]