Conduct and properly document risk assessment

Reference no: EM133119735

CO4512 Information Security Management - University of Central Lancashire

Level 7

Learning Outcome 1: Select and use applicable standards and methods for information security and risk management.

Learning Outcome 2: Conduct and properly document risk assessment based on a given scenario.

Learning Outcome 3: Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.

ASSESSMENT SCENARIO

A conveyancing & estate service in the UK, CONVXYZ, hired your team to set up their IT network/system. The company provides (i) real estate services for property vendors and buyers and (ii) conveyancing services by their employed lawyers. The goal of the security system is to prevent or minimize the business loss caused by possible incidents, such as malfunction, information stealing, data modification, deletion or destruction, etc., including the dangerous conveyancing scams that have claimed several victims recently.

Your colleagues in the team have proposed the first version of the security network architecture depicted in Figure 1. As a person responsible for risk assessment in your team, your task is to conduct a risk assessment on this system.

In Figure 1 the internal network of CONVXYZ is denoted by the dashed box, and all the assets in this dashed box are located in the company premise in the UK.

• The company has a website (by the web server) where the customers can browse the properties and contact the estate agents. After registering to their conveyancing service, the customers get an account (username and password) to the website with which they can log in and keep track of their property selling/buying transaction, e.g., download documents for signing, upload their documents.
• The authentication server is responsible for authenticating the credentials (usernames and passwords) of both the customers and staff (lawyers and estate agents). When performing an authentication task, the authentication server communicates with the customer and staff database, which stores information about the customers and staff. After a successful authentication, the customers and staff will be able to access their property selling/buying documentation and current transaction/status.

• Company employees, such as lawyers and estate agents, can use their computers to log in to the company website or browse the internet.
• Before property exchange between the vendor and buyer, the buyer is requested to transfer the money to the bank account of CONVXYZ. The bank account details are sent to the customer via email or by post.
• The mail server enables staff to send and receive emails from the customers and other members of staff.
• Individual visitors/customers can browse the website of CONVXYZ and register/login with their PCs via Internet.
• Lawyers are allowed to work remotely via a VPN (Virtual Private Network) tunnel.
• The PCs and servers are connected to 2 network switches and a router.
• The internal network is protected by a firewall.

ASSESSMENT BRIEF

In this assignment you have to:
• Conduct a risk assessment on the network in Figure 1, based on the ISO 27005 standard.
• Write a detailed risk assessment report (see REPORT STRUCTURE Section for the required structure).

REPORT STRUCTURE

To meet the requirements your report must have a professional look. To help you in this regard, the following structure is provided as a guideline. The report must contain the following main sections; however, you are allowed to add subsections as you find reasonable.

Introduction
Here you will specify the risk assessment method that you use and discuss the advantages of this risk assessment method. Finally, highlight the specific tasks that you will perform during the risk assessment on the given system.

Risk Assessment
This section contains the main part (result) of the report, namely, the whole risk assessment process made on the system in Figure 1, besides your chosen system parameters. The section can include several sub-sections:
• Owner specification.
• Assets (primary and secondary). You should explain briefly why the assets are primary or secondary. You can give a collective explanation for a group of assets instead of explaining for each asset.
• One threat for each asset.
• One vulnerability for each asset. The vulnerabilities have to be taken from one of the online vulnerability databases (e.g. NVD), and have to be given with the official CVE number.
• Likelihood level computation, using the Boston grid.
• Impact table specification.
• Risk identification with the risk level, using the risk matrix (Boston grid).
  o At most 10 risks should be given.
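
A sketch of how the register required by this section could be checked and scored, as an added example that is not part of the original brief. The 1 to 5 scales, the band thresholds and the sample ratings are assumptions, and the CVE fields are placeholders that the validator deliberately rejects until real NVD identifiers are filled in.

```python
import re
from dataclasses import dataclass

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")   # official CVE ID syntax
MAX_RISKS = 10                             # brief: "At most 10 risks"

@dataclass
class Risk:
    asset: str        # asset named in the scenario
    kind: str         # "primary" (information/process) or "secondary" (supporting)
    threat: str       # one threat per asset
    cve: str          # one vulnerability per asset, taken from NVD or similar
    likelihood: int   # assumed scale: 1 (rare) .. 5 (almost certain)
    impact: int       # assumed scale: 1 (negligible) .. 5 (severe)

def level(likelihood: int, impact: int) -> str:
    """Band one grid cell; the thresholds are an assumption, not set by ISO 27005."""
    score = likelihood * impact
    return "High" if score >= 15 else "Medium" if score >= 6 else "Low"

def validate(register):
    """Return the problems that would break the rules listed in the brief."""
    problems = []
    if len(register) > MAX_RISKS:
        problems.append(f"{len(register)} risks listed, limit is {MAX_RISKS}")
    seen = set()
    for r in register:
        if r.asset in seen:
            problems.append(f"{r.asset}: more than one threat/vulnerability")
        seen.add(r.asset)
        if not CVE_RE.fullmatch(r.cve):
            problems.append(f"{r.asset}: '{r.cve}' is not a valid CVE ID")
        if not (1 <= r.likelihood <= 5 and 1 <= r.impact <= 5):
            problems.append(f"{r.asset}: rating outside 1..5")
    return problems

def ranked(register):
    """Highest risk first, as (asset, level, score) tuples."""
    rows = [(r.asset, level(r.likelihood, r.impact), r.likelihood * r.impact) for r in register]
    return sorted(rows, key=lambda row: -row[2])

# Constructed sample ratings; the CVE fields are placeholders, not real identifiers.
SAMPLE = [
    Risk("Customer and staff data", "primary", "Data theft", "CVE-YYYY-NNNN", 3, 5),
    Risk("Web server", "secondary", "Defacement", "CVE-YYYY-NNNN", 4, 3),
    Risk("Mail server", "secondary", "Spoofed bank details email", "CVE-YYYY-NNNN", 4, 5),
]
```

Calling `validate(SAMPLE)` lists the three placeholder CVE fields as problems, and `ranked(SAMPLE)` gives the order in which the risks would appear in the report.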

Summary and Recommendations

In this section you summarize the main findings and write a non-technical recommendation (executive summary) for the management/director board, summarizing why they should invest in security and follow the ISO 27001 standards.

Attachment:- Information Security Management.rar
