Risk Assessment and CISO Appointment in University IT Department

Verified

Added on 2023/04/21

AI Summary

This assignment comprises a risk assessment conducted for a university's digital security, identifying operational risks such as data breaches, software vulnerabilities, hardware failures, data theft, and service deviations. The assessment includes a description of each risk, its potential impact, inherent and residual risk ratings, and key controls for mitigation. The second part recommends the appointment of a Chief Information Security Officer (CISO) within a pharmaceutical start-up, detailing the responsibilities and benefits of having a CISO, including fraud prevention, secure architecture, managed access, and secure operations. The CISO's role is crucial for ensuring data privacy, regulatory compliance, and proactive threat management, contributing to the overall security and operational efficiency of the organization. Desklib provides similar solved assignments for students.

Running head: PROJECT MANAGEMENT
IT Risk management
Name of the Student
Name of the University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

0
PROJECT MANAGEMENT
1. Risk management plan
Opera
tional
Risk
No.
Date
Ident
ified
Opera
tional
Risk
Name
Risk
Descr
iption
Impact
of
Conseq
uences
Likelihood
Impact
Inh
eren
t
Ris
k
Rati
ng
Key
contr
ols in
place
to
mitig
ate
the
risk
Likelihood 2
Impact 2
Residual Risk Rating
Due
Date
for
Migr
ation
Actio
n
Acti
on
Ow
ner
Date
Actio
n
Com
plete
d
1 01-
01-
2019
Huma
n error
It is
identif
ied by
the
CISO
office
r that
due to
the
mista
kes of
the
peopl
e who
work
in the
univer
sity,
the
data
or
infor
matio
n
about
the
studen
t
phone
numb
ers are
not
kept
secure
d
Due to
this, the
persona
l data of
the
student
who
studies
in the
universi
ty got
shared.
Me
diu
m
Hig
h
3 In
order
to
mitiga
te the
risk, it
is
quite
import
ant for
the
emplo
yees
to
follow
the
securit
y
rules
ad
regula
tions
so that
the
data
and
infor
matio
n can
be
kept
secure
d.
Hig
h
Hig
h
4 04-
01-
2019
Miti
gate
05-
01-
2019
2 05-
01-
2019
Softw
are
attacks
Due
to the
virus
Due to
this,
importa
Hig
h
Hig
h
4 In
order
to
Hig
h
Hig
h
5 06-
01-
2019
Miti
gate
07-
01-
2019

1
PROJECT MANAGEMENT
attack,
the
data
as
well
as
infor
matio
n of
the
univer
sity
get
leaked
.
nt
informa
tion get
leaked
that
further
causes
number
of
issues
and
challen
ges
mitiga
te the
issue,
it is
very
much
import
ant to
keep
antivir
us in
order
to
keep
the
infor
matio
n and
data
secure
.
3 03-
01-
2019
Techni
cal
hardw
are
failure
Due
to the
hardw
are
equip
ment
failure
, the
operat
ions
of the
entire
infor
matio
n get
obstru
cted.
It is
found
that due
to
hardwar
e
failure,
the
entire
operatio
n of the
system
cannot
be
conduct
ed that
creates
number
of
issues.
Hig
h
Me
diu
m
4 In
order
to
resolv
e this
issue,
it is
very
much
import
ant to
check
the
worki
ng of
th
hardw
are
materi
al
from
time
to
time
in
order
to
avoid
issues
Hig
h
Me
diu
m
4 04-
01-
2019
Res
olve
05-
01-
2019

2
PROJECT MANAGEMENT
4 06-
01-
2019
Theft If the
worke
rs
who
work
for the
univer
sity
engag
e
within
illegal
work
and
gener
ally
engag
es in
data
theft
then
can
cause
numb
er of
proble
ms
It
generall
y can
number
of
issues
includin
g
financia
l
proble
ms,
ethical
proble
ms and
more
Hig
h
Hig
h
5 In
order
to
mitiga
te this
issue,
it is
quite
import
ant to
track
the
challe
nges
on
regula
r basis
so that
the
proble
m can
be
effecti
vely
resolv
ed.
Hig
h
Me
diu
m
4 07-
01-
2019
Miti
gate
08-
01-
2019
5 08-
01-
2019
Deviat
ion in
servic
e
quality
The
univer
sity
does
not
able
to
provid
e
proper
online
servic
e due
to
proble
m in
the
devel
oped
websit
e
Due to
proble
m in the
online
service,
the
student
face
number
of
proble
ms and
challen
ges in
getting
informa
tion
Me
diu
m
Me
diu
m
4 It is
quite
import
ant to
impro
ve the
servic
e of
the
organi
zation
so that
the
studen
ts can
be
able
to get
proper
online
servic
e.
Me
diu
m
Me
diu
m
4 09-
01-
2019
Miti
gate
10-
01-
2019
6 10- Inform Disclo Due to Me Me 4 In Me Me 4 11- Miti 12-

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

3
PROJECT MANAGEMENT
01-
2019
ation
extorti
on
sure
of
infor
matio
n due
to
impro
per
experi
ence
that
gener
ally
cause
numb
er of
proble
ms as
well
as
challe
nges
informa
tion
disclosu
re, it is
quite
difficult
to
manage
the
operatio
ns of
the
organiz
ation
diu
m
diu
m
order
to
mitiga
te this
issue,
it is
very
much
import
ant to
avoid
infor
matio
n
disclo
sure
diu
m
diu
m
01-
2019
gate 01-
2019

0
PROJECT MANAGEMENT
2. Recommendation to the CEO and the Board regarding the appointment of
a CISO
The appointment of CISO is needed within the Pharmaceuticals start up that mainly
engages as part of business model that generally conducts research as well as development
into the various types of medical products and engages in manufacturing as well as
distributing them. The CISO is required within the organization due to number of reasons.
CISO is one of the senior level executive who will generally be responsible for
establishing as well as maintaining the enterprise vision, strategy as well as program for
ensuring information assets as well as technologies that ae generally protected (Singh and
Hess 2017). In addition to this, they will be responsible of developing, maintaining as well as
implementing different types of procedures across the organization for reducing the
information technology related risks as well as challenges.
It is found that CISO is required within the Pharmaceutical Company as they will
generally conduct various types of security awareness related training by developing secure
business as well as communication related practices by determining the various security
objectives as well as metrics (Reece and Stahl 2015). In addition to they helps inn ensuring
that the company is within the regulatory compliances with appropriate rules and regulations
for relevant bodies and further enforces adherences for different types of security practices.
In addition to this, it is found that CISO will be ensure the data privacy of the
organization by making sure that the data as well as information of the organization is kept
securely. This is generally done with the help of the computer security incident response team
and by undertaking electronic discovery based investigations (Rebollo et al. 2015). Thus, it is
analyzed that in order to keep the data and information of the Pharmaceuticals start-up
company securely.

1
PROJECT MANAGEMENT
CISO is needed so that the data breaches as well as security related incident that occur
within the company will be resolved by the CISO. This is because a CISO does not wait for a
data breach rather they are generally tasked with various anticipating threats on which they
work actively for preventing them from occurrence (Bauer and Bernroider 2017). In addition
to this, the CISO must work properly with other executives of other departments for making
sur that the security system is properly working smoothly for reducing the operational risk of
the organization.
The other benefits that the pharmaceutical start-up company gets due to the
appointment of the CISO are generally listed below:
Fraud prevention: It is found that emailing out various types of sensitive
information as well as or data from the intellectual property will be avoided by the CISO as
they generally handle the work quite effectively (Reece and Stahl 2015). It is found that
they generally utilizes number of tools that further helps in monitoring the information flow
within the organization.
Secures the architecture: Proper security backbone of a company is generally
developed which further helps in securing the entire infrastructure. This further helps in
getting proper idea about how to separate or segment various network (Singh and Hess
2017). Moreover, they also depend on the penetration testers or various types of ethical
hackers for testing the defense for creating proper company.
Manage access: It is found that the employees off the organization generally deals
with the credentials and the appointment of CISO helps in securing those credentials so that
the information and data does not get misused (Rebollo et al. 2015). It is found that they
generally maintains proper accessing tools through which they can track that which Id has
used the credential.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2
PROJECT MANAGEMENT
Secure operations: It is found that with the appointment of CISO, the operations of the
organization can be secured properly. It is found that tis functions generally includes real time
analysis, threats database as well as other internal environments. Thus it is found that with the
appointment of CISO, the operations that are performed by the company will be managed
securely.

3
PROJECT MANAGEMENT
References
Bauer, S. and Bernroider, E.W., 2017. From information security awareness to reasoned
compliant action: analyzing information security policy compliance in a large banking
organization. ACM SIGMIS Database: the DATABASE for Advances in Information
Systems, 48(3), pp.44-68.
Rebollo, O., Mellado, D., Fernández-Medina, E. and Mouratidis, H., 2015. Empirical
evaluation of a cloud computing information security governance framework. Information and
Software Technology, 58, pp.44-57.
Reece, R.P. and Stahl, B.C., 2015. The professionalisation of information security:
Perspectives of UK practitioners. Computers & Security, 48, pp.182-195.
Singh, A. and Hess, T., 2017. How Chief Digital Officers Promote the Digital Transformation
of their Companies. MIS Quarterly Executive, 16(1).

1 out of 9

Risk Assessment and CISO Appointment in University IT Department

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

ITC596 IT Risk Management: Risk Assessment & CISO Appointment Report

+13062052269

info@desklib.com