Several cybersecurity questions


What is an information security policy and how is it applied to an organization’s information technology enterprise?

What are some key trends and changes in cyber crime since the early 2000s? Give detailed examples.

What are the primary differences between risk assessment and risk management that managers need to consider?

Discuss some implications for network security of having multiple layers of protocols that must openly communicate with each other.

Explain how PGP encryption works, and explain why it is considered a hybrid public/private key cryptography.

What countermeasures would be important to control access to a server room? Discuss these in terms of cost, schedule and performance (e.g., importance, benefits, etc.).

Online Banking Case Study: Answer the following questions based on the information provided below.

Information security risk assessment is the process used to identify and understand risks to the confidentiality, integrity, and availability of information and information systems. In its simplest form, a risk assessment consists of the identification and valuation of assets and an analysis of those assets in relation to potential threats and vulnerabilities, resulting in a ranking of risks to mitigate. The resulting information should be used to develop strategies to mitigate those risks. Risk assessments for most industries focus only on the risk to the business entity. Financial institutions must also consider the risk to their customers' information. For example, U.S. federal regulations require financial institutions to "protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer."

ACME Financial Corporation is planning to roll out its new web and mobile online banking application. However, before deployment, the CEO has asked you (the CISO) to assess risks and vulnerabilities and to provide strategies to protect customer data.

For this analysis, you will use the following formula:

Risk-Rating Factor = (Asset Impact x Likelihood) – Current Controls + Uncertainty

You may assume that 'Likelihood' is a numerical value within the scale (0.1 – 1.0) and 'Asset Impact' is a numerical value within the scale (1 – 100). 'Current Controls' is the share of the raw risk (Asset Impact x Likelihood) that existing control mechanisms mitigate, expressed as a percentage of that raw risk. 'Uncertainty' is the share of the raw risk added back to reflect how incomplete current knowledge of the vulnerability is (for example, 80% confidence in the assumptions and data gives 20% uncertainty). You shall determine all values based on your knowledge, experience and/or references for each of the five assets and vulnerabilities. Be sure to explain how you derived all values.

Describe how the information security group should be organized. Illustrate using a hierarchical organization tree. Also, list any policies that should be considered and by whom.

Identify and prioritize 5 assets by calculating risk determination based on vulnerability likelihood of occurrence, percentage of risk mitigated by controls, and uncertainty of knowledge. Complete Table 1 below with your data. Explain how you derived each data set.

Example: Asset 1 has an impact of 100 and one vulnerability with a likelihood of 0.1; a current control addresses 50% of its risk, and current knowledge (assumptions and data) is 80% accurate, so the uncertainty term is 20%. Risk-Rating Factor = (100 x 0.1) – (10 x 0.5) + (10 x 0.2) = 10 – 5 + 2 = 7, which is the value entered in Table 1.

Table 1: Ranked Vulnerability Risk Worksheet

Asset                                                     Asset Impact   Vulnerability                                Likelihood   Risk-Rating Factor
Customer online account login request via SSL (inbound)   100            Lost request due to web server DoS attack    0.1          7
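The worksheet arithmetic, carried through in code. This is an added example, not part of the case study or the course material: it implements the Risk-Rating Factor formula as the worked example applies it (Current Controls and Uncertainty taken as percentages of Asset Impact x Likelihood), range-checks each input against the scales the case study defines, and ranks a worksheet. The first row is the page's own example; the other four rows, with their asset names, vulnerabilities and numbers, are constructed placeholders for illustration only and are not ACME data or a recommended assessment.

```python
"""Ranked Vulnerability Risk Worksheet calculator (added example, not course material).

Risk-Rating Factor = (Asset Impact x Likelihood) - Current Controls + Uncertainty
where Current Controls and Uncertainty are percentages of the raw risk
(Asset Impact x Likelihood), as in the worked example that yields 7.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VulnerabilityRisk:
    """One row of the worksheet."""
    asset: str
    vulnerability: str
    asset_impact: float        # 1 - 100 scale from the case study
    likelihood: float          # 0.1 - 1.0 scale from the case study
    control_mitigation: float  # fraction of raw risk current controls remove (0.5 = 50%)
    knowledge_accuracy: float  # accuracy of assumptions and data (0.8 = 80%)

    def __post_init__(self) -> None:
        # Reject values outside the scales the case study defines, so a typo
        # (e.g. likelihood entered as 10%) cannot silently distort the ranking.
        if not 1 <= self.asset_impact <= 100:
            raise ValueError(f"asset impact {self.asset_impact} outside 1-100")
        if not 0.1 <= self.likelihood <= 1.0:
            raise ValueError(f"likelihood {self.likelihood} outside 0.1-1.0")
        for name in ("control_mitigation", "knowledge_accuracy"):
            if not 0.0 <= getattr(self, name) <= 1.0:
                raise ValueError(f"{name} must be a fraction between 0 and 1")

    @property
    def raw_risk(self) -> float:
        return self.asset_impact * self.likelihood

    def risk_rating_factor(self) -> float:
        raw = self.raw_risk
        current_controls = raw * self.control_mitigation        # risk already mitigated
        uncertainty = raw * (1.0 - self.knowledge_accuracy)     # what we do not know yet
        return round(raw - current_controls + uncertainty, 2)


def rank_worksheet(rows: list[VulnerabilityRisk]) -> list[VulnerabilityRisk]:
    """Highest Risk-Rating Factor first; sorted() is stable, so ties keep input order."""
    return sorted(rows, key=lambda r: r.risk_rating_factor(), reverse=True)


def acme_example_row() -> VulnerabilityRisk:
    """The single row given in the case study (impact 100, likelihood 0.1, 50%, 80%)."""
    return VulnerabilityRisk(
        "Customer online account login request via SSL (inbound)",
        "Lost request due to web server DoS attack",
        asset_impact=100, likelihood=0.1,
        control_mitigation=0.5, knowledge_accuracy=0.8,
    )


def sample_worksheet() -> list[VulnerabilityRisk]:
    """Five rows: the case-study example plus four CONSTRUCTED placeholders.

    The placeholder assets, vulnerabilities and values are illustrative only
    and are not ACME data; replace them with your own derived values.
    """
    return [
        acme_example_row(),
        VulnerabilityRisk("Customer credential store (constructed)",
                          "Credential theft via SQL injection in login form",
                          100, 0.3, 0.6, 0.7),
        VulnerabilityRisk("Mobile banking session token (constructed)",
                          "Session hijack on unpatched client",
                          80, 0.2, 0.4, 0.6),
        VulnerabilityRisk("Transaction processing service (constructed)",
                          "Insider misuse of administrative privileges",
                          90, 0.1, 0.7, 0.5),
        VulnerabilityRisk("Customer PII backups (constructed)",
                          "Loss of unencrypted backup media",
                          70, 0.2, 0.3, 0.9),
    ]


def render_table(rows: list[VulnerabilityRisk]) -> str:
    """Plain-text rendering in the Table 1 column order."""
    header = f"{'Asset':<48} {'Impact':>6} {'Vulnerability':<48} {'Likelihood':>10} {'RRF':>6}"
    lines = [header, "-" * len(header)]
    for r in rows:
        lines.append(f"{r.asset:<48} {r.asset_impact:>6g} {r.vulnerability:<48} "
                     f"{r.likelihood:>10g} {r.risk_rating_factor():>6g}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(rank_worksheet(sample_worksheet())))
```

Running it prints the ranked worksheet; the case-study row evaluates to 7 and, against the constructed placeholders, lands at the bottom of the ranking because its likelihood is low and half of its risk is already mitigated. Note that the formula lets a high Uncertainty term push a poorly understood vulnerability above a well-understood one with the same raw risk, which is the intended signal to gather more data before deciding on controls.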

Based on the organizational structure, policies and risk assessment, what strategies will you implement to mitigate your risks? What other considerations will impact your decisions? You may also illustrate protection mechanisms in a system boundary diagram.
