Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Risk Assessment and Cybersecurity Management Report: AML, CMP73001

Verified

Added on 2022/09/18

AI Summary

This report presents a comprehensive cybersecurity management analysis for Advanced Medicos Limited (AML), focusing on risk assessment and mitigation strategies. It begins with an overview of AML's information security challenges, including the protection of customer data and financial transactions. The report identifies and manages information assets, encompassing physical, software, service, people, information, security, network, computer, removable media, and infrastructure assets. It includes a weighted factor analysis to prioritize asset protection. Furthermore, the report addresses vulnerability and risk management, outlining enterprise risk management steps, identifying vulnerabilities and threats, and proposing a detailed risk management plan. This plan covers threat identification, risk assessment (likelihood, impact, outcome), and recommended control measures, including detective, corrective, preventive, and administrative controls. The report also provides a risk assessment table summarizing observations, existing controls, and recommended actions. Overall, the report provides a strategic framework for AML to enhance its cybersecurity posture and protect its critical assets.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CYBER SECURITY MANAGEMENT
Cyber Security Management
Name of the Student:
Name of the University:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CYBER SECURITY MANAGEMENT
Table of Contents
Background of the study on information security of Advanced Medicos Limited....................2
Task 1: Identify and manage asset.............................................................................................2
1.1 Information asset.........................................................................................................2
1.2 Role of Information security governance in asset management..................................5
1.3 Five information security policies...............................................................................6
Task 2: Vulnerability management and risk management.........................................................6
2.1 Steps of enterprise risk management................................................................................6
2.2 Vulnerabilities in company assets and threats.................................................................7
2.3 Risk management strategy.............................................................................................10
2.4 Risk assessment table.....................................................................................................13
References................................................................................................................................15

2CYBER SECURITY MANAGEMENT
Background of the study on information security of Advanced Medicos
Limited
The report is reflected on the risk calculation of Advanced Medicos Limited (AML),
as the company is facing issues regarding secrecy in addition to the security of customer
private information, details of the credit card along with safekeeping of expense transactions.
In order to identify possible issues and manage the risks, a cybersecurity consultant is being
hired to help in the security management as well as report emerging project risks from the
cyberthreats.
Task 1: Identify and manage asset
1.1 Information asset
Asset ID Assets list Description Asset location Ownership
PA1 Physical
asset
The physical asset is known
as tangible asset such as
properties, inventory, and
others.
Recorded on income
statement as revenue
Software
Analyst
SA2 Software
asset
Tools used to manage
purchase, software
maintenance, disposal of
software applications and
deployment (Safa, Von
Solms and Furnell, 2016)
Application or
program
Software
Developer
SA3 Service asset The resources required for
delivering the services such
Organizational
services
Business
service owner

3CYBER SECURITY MANAGEMENT
as applications,
configuration items.
PA4 People asset People are intangible asset
and the company invests in
intangible asset to build
economic value.
Services of the
organization
HR Manager
IA5 Information
asset
The asset is managed as
single entity and the asset
has financial business values
(Soomro, Shah and Ahmed
2016).
Information asset
register (database)
Information
Security
Officer
SA6 Security
asset
The asset contains data,
device and component of the
security environment
support informational
activities.
Evidence of the risk
management
Cybersecurity
consultant
NA7 Network
asset
It is interconnected asset rely
on each other for providing
services (McCormac et al.
2017).
Part of the IT
network or
infrastructure
Information
Security
Officer
CA8 Computer
asset
This asset contains both
hardware and software
devices and confidential
business data.
Active directory Cybersecurity
consultant
RMA9 Removable It is the storage media that Any drive or Cybersecurity

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4CYBER SECURITY MANAGEMENT
media asset are not capable to transfer
executable code.
computer device consultant
PA10 Infrastructure
asset
It includes IT equipment like
servers, network devices,
workstation (Öğütçü, Testik,
and Chouseinoglou 2016).
Organization
network
Information
Security
Officer
The three common classes of information assets are desktops, laptops, and mobile
devices.
Weighted factor analysis
Criteria
Assets Value Risk Success Relations
hips
Stakehold
er
Urgency Weighte
d Score
Rank
25% 20% 20% 10% 15% 10% 100%
Physical
asset
85 60 70 60 45 70 67 1
Software
asset
40 67 60 45 70 56 56 7
Service
asset
40 56 67 67 34 60 52.4 8
People
asset
12 45 67 45 78 45 46.10 9
Informatio
n asset
65 87 67 56 40 56 64.25 3
Security 65 67 67 45 34 67 59.35 4

5CYBER SECURITY MANAGEMENT
asset
Network
asset
45 75 78 56 40 56 59.05 5
Computer
asset
30 45 56 45 12 45 38.5 10
Removabl
e media
asset
40 56 78 45 78 45 57.5 6
Infrastruct
ure asset
78 70 67 45 67 45 65.95 2
1.2 Role of Information security governance in asset management
The information security governance would help in proper asset management of AML
by helping the company in prioritizing the project risks as well as building support of the
resources needed to protect the organization from information security and privacy risks. The
security governance makes direct as well as control over the IT security by adapting of ISO
38500 security standard (Yoon, Hwang and Kim 2019). It also helps the organization in
providing security framework for ensuring that the risks are to be mitigated while there is
proper management of the project risks.

6CYBER SECURITY MANAGEMENT
1.3 Five information security policies
Following are list of the information security policies created for maintaining the
cybersecurity threats of AML as:
i. Enterprise information security policy: It provides details on security of the
organization. It helps to guide people and users to set direction as well as
scope of security efforts of the organization.
ii. Human resource information policy: The determination of this policy is to
give guidance to grow as well as implement the human resources system such
that the system is efficient and comply with the proper legislations (Cram,
Proudfoot and D’Arcy 2017).
iii. Information security policy: The resolution of this policy is to make sure that
the users as well as networks of IT structure in the organization should
maintain security of data stored in the digital form. Only authorized person
should able to access to data.
iv. Records and information management policy: It provides guidance regarding
preservation along with security of the records that should legal and
operational (Safa, Von Solms and Furnell 2016).
v. Information security incident management policy: It should ensure that the
incidents affect regular operations of business should be managed.
Task 2: Vulnerability management and risk management
2.1 Steps of enterprise risk management
Step 1- Establishing the enterprise risk structure: The organization is required to
communicate as well as manage the project risks regards to its position. Each one in the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7CYBER SECURITY MANAGEMENT
organization should follow policies to manage possible organizational risks (Hubbard
2020).
Step 2: Assign responsibility: After establishment of enterprise risk structure, it is
required to assign and take ownership of the risks to mitigate and manage it.
Step 3: Producing enterprise risk map: The causes of organizational risks, mitigation
strategies are come in the organization and possible actions are to be identified to manage
it (Aven 2016). The risks are managed efficiently, then it is required to map risks to
various parts of the risk management structure.
Step 4: Decision making: The main aspect of managing the enterprise risk
management is performing actions for managing risks. Decision making process is used
to establish risks against business objectives and set of baseline (Almeida, Hankins and
Williams 2017).
2.2 Vulnerabilities in company assets and threats
Risk
ID
Threat
source
Vulnerability Vulnerability
description
Affected
assets
Existing
controls
Risk
ranking
1 Hacker Password
strength
There is
unclear
allocation of
the information
security
responsibilities
(Giannakis and
Papadopoulos
Information,
infrastructure,
network,
people
The network
password
should be
unique so that
no one can
guess.
Critical

8CYBER SECURITY MANAGEMENT
2016).
2 Physical
database
usage
Unnecessary
services
The
organization is
designed with
low level of
security as
physical
database is
used for storing
data (Sweeting
2017).
Information,
hardware,
physical
Strict
guidelines to
restrict the
unauthorized
access to
customer’s
data.
Medium
3 Security
configuration
issues
Disaster
recovery
There is no
such security
configuration
to routers in
addition
switches.
Infrastructure
, information,
physical,
people
None Medium
4 Lack of
security
measures in
server room
Accessible by
all staffs
The servers
located in the
server room is
accessible by
the staffs
(Wiengarten et
al. 2017).
Software,
service and
information
Training to
the unskilled
employees
High
5 Computer Integrity The backup’s Infrastructure None Medium

9CYBER SECURITY MANAGEMENT
criminal checks files are stored
in single
computer lead
to cause stolen
of the data.
, information,
physical,
people
6 Poorly
trained staffs
Lack of
documentation
Lack of
technical skills
on managing
information
security
breaches (Cole,
Giné and
Vickery 2017)
Information,
infrastructure,
network,
people
Training to
the unskilled
employees
Low

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10CYBER SECURITY MANAGEMENT
2.3 Risk management strategy
Risk management plan – Information Security Risk
Company name: Advanced Medicos Limited (AML) Completed by: Student name
Work area: Cybersecurity management Date completed: Date
Threat identification
Unauthorized access to the network
Risk assessment
What harm could the
threat cause? The threat provides impact on the customer satisfaction as customer’s data are being stolen.
What is the likelihood
of this happening There are high chances of the information security risks.
Existing control
measure The network password should be unique so that no one can guess.
Consequence High
Likelihood High
Outcome Critical

11CYBER SECURITY MANAGEMENT
Control measures
Detective controls
Implement cloud storage database to store customer's data.
Authorized access to the staffs having skills to manage the network and servers
Corrective controls
Strict guidelines for proper security guidelines
Allocate proper staffs to the information security
Preventive
Secured cloud storage database implementation
Firewall implementation
Administrative
Hire technical staffs having skills in technical management of security
Follow information security policies to maintain the security measures
Implementation
Associated activities Resources
required
Person(s)
responsible Sign off and date
Secured cloud storage database Cloud based
software
Chief information
security officer Chief information security officer

12CYBER SECURITY MANAGEMENT
REVIEW
Scheduled review date: 09 / 04 /2020
Are the control measures in place?
Yes
Are the controls eliminating/minimising the risk?
Yes
Are there any new problems with the risk?
No

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13CYBER SECURITY MANAGEMENT
2.4 Risk assessment table
Item
Num
ber
Observations Threat source
and
vulnerability
Existing controls Likelihood Impact Risk
rating
Recommended controls
1 Unauthorized access to the
network
Hacker and
Password
strength
The network password
should be unique so
that no one can guess.
High High Critical The organization should require to
allocate proper staffs to the
information security.
2 Physical database stores
customer information lead to
cause stolen and hacking of
the data (McCormac et al.
2017)
Physical
database usage
and unnecessary
services
Strict guidelines to
restrict the
unauthorized access to
customer’s data.
Medium Medium Medium There should require to implement
cloud storage database to store
customer's data.
3 The infrastructure network of
the organization is not
secured due to lack of
security configurations.
Security
configuration
issues and
disaster
None High Medium Medium There should require to take strict
guidelines for proper security
guidelines.

14CYBER SECURITY MANAGEMENT
recovery
4 Lack of skills and focus on
managing the servers of the
network lead to cause threats
(Hubbard 2020).
Lack of security
measures in
server room and
accessible by all
staffs
Training to the
unskilled employees
High High High There should require to provide
authorized access to the staffs
having skills to manage the
network and servers.
5 Backups of the data are not
taken properly lead to cause
losses of data and
information.
Computer
criminal and
integrity checks
None Medium Medium Medium There should require to follow
information security policies to
maintain the security measures.
6 All the IT staffs are involved
in information security
management, lead to cause
security breaches due to lack
of technical skills in
managing security.
Poorly trained
staffs and lack
of
documentation
Training to the
unskilled employees
Low Low Low The organization should require to
hire technical staffs having skills
in technical management of
security (Almeida, Hankins and
Williams 2017).

15CYBER SECURITY MANAGEMENT
References
Almeida, H., Hankins, K.W. and Williams, R., 2017. Risk management with supply
contracts. The Review of Financial Studies, 30(12), pp.4179-4215.
Aven, T., 2016. Risk assessment and risk management: Review of recent advances on their
foundation. European Journal of Operational Research, 253(1), pp.1-13.
Cole, S., Giné, X. and Vickery, J., 2017. How does risk management influence production
decisions? Evidence from a field experiment. The Review of Financial Studies, 30(6),
pp.1935-1970.
Cram, W.A., Proudfoot, J.G. and D’Arcy, J., 2017. Organizational information security
policies: a review and research framework. European Journal of Information Systems, 26(6),
pp.605-641.
Giannakis, M. and Papadopoulos, T., 2016. Supply chain sustainability: A risk management
approach. International Journal of Production Economics, 171, pp.455-470.
Hubbard, D.W., 2020. The failure of risk management: Why it's broken and how to fix it.
John Wiley & Sons.
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M. and Pattinson, M., 2017.
Individual differences and information security awareness. Computers in Human
Behavior, 69, pp.151-156.
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information
security behavior and awareness. Computers & Security, 56, pp.83-93.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. computers & security, 56, pp.70-82.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16CYBER SECURITY MANAGEMENT
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225.
Sweeting, P., 2017. Financial enterprise risk management. Cambridge University Press.
Wiengarten, F., Humphreys, P., Gimenez, C. and McIvor, R., 2016. Risk, risk management
practices, and the success of supply chain integration. International Journal of Production
Economics, 171, pp.361-370.
Yoon, C., Hwang, J.W. and Kim, R., 2019. Exploring factors that influence students’
behaviors in information security. Journal of Information Systems Education, 23(4), p.7.